Isis
12.05.2007, 01:29
Ну вот.....писал недавно на заказ скрипт дефейс ленты...почти такая же как на damagelab, а у мну не купили :(
Все сделано очень даже , дыр нет и работает с mysql !!
База данных
CREATE TABLE `defaces` (
`id` int(11) NOT NULL auto_increment,
`die` varchar(100) NOT NULL,
`screen` varchar(100) NOT NULL,
`nick` varchar(32) NOT NULL,
`team` varchar(50) NOT NULL,
`url` varchar(50) NOT NULL,
`comment` text NOT NULL,
`check` int(11) NOT NULL default '0',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=cp1251 AUTO_INCREMENT=1;
Config.php
<?php
$mysql['host'] = 'localhost';
$mysql['pass'] = 'pass'; //Password Mysql base
$mysql['user'] = 'root'; //Login Mysql base
$mysql['port'] = 3306;
$mysql['name'] = 'deface'; //Mysql base name
$mysql['link'] = mysql_connect($mysql['host'],$mysql['user'],$mysql['pass']);
if (!$mysql['link']) die(mysql_error());
@mysql_query("SET NAMES cp1251");
$mysql['temp'] = mysql_select_db($mysql['name']);
if (!$mysql['temp']) die(mysql_error());
?>
index.php
<?php
include('config.php');
$do = isset($_GET['do']) ? $_GET['do'] : '';
$page = isset($_GET['page']) ? intval($_GET['page']) : '0';
if(!get_magic_quotes_gpc())
{
$ver = explode( '.', PHP_VERSION );
$ver_num = $ver[0] . $ver[1] . $ver[2];
if($ver_num < 403)
{
$die = mysql_escape_string($_POST['die']);
$screen = mysql_escape_string($_POST['screen']);
$nick = mysql_escape_string($_POST['nick']);
$team = mysql_escape_string($_POST['team']);
$url = mysql_escape_string($_POST['url']);
$comment= mysql_escape_string($_POST['comment']);
} else {
$die = addslashes($_POST['die']);
$screen = addslashes($_POST['screen']);
$nick = addslashes($_POST['nick']);
$team = addslashes($_POST['team']);
$url = addslashes($_POST['url']);
$comment= addslashes($_POST['comment']);
}
}
if(!$do)
{
$num = 10;
$result = mysql_query("SELECT COUNT(*) as cnt FROM `defaces` WHERE `check`='1'");
$refs = mysql_result($result, 0, "cnt");
$total = intval(($refs - 1) / $num) + 1;
if(!$page || $page < 0) $page = 1;
if($page > $total) $page = $total;
$start = $page * $num - $num;
$result = mysql_query("SELECT * FROM `defaces` WHERE `check`='1' ORDER by `check` DESC LIMIT ".$start.", ".$num."");
if (!$result) die(mysql_error());
//if (mysql_num_rows($result) == 0 ) die("Непохек(с)Isis");
$hm = mysql_num_rows(mysql_query("SELECT * FROM `defaces` WHERE `check`='1'"));
if($hm == '0') echo "<center><small>Всего в базе <b>0</b> дефейсов</small></center>";
elseif($hm == '1') echo "<center><small>Всего в базе <b>1</b> дефейс</small></center>";
elseif($hm == '2') echo "<center><small>Всего в базе <b>2</b> дефейса</small></center>";
else echo "<center><small>Всего в базе <b>".$hm."</b> дефейсов</small></center>";
$file = 'index.php';
if($page != 1) $pervpage = " [<a href= ./$file?page=1><< </a>] ";
if($page != $total) $nextpage = " [<a href= ./$file?page=".$total."> >></a>]";
if($page - 2 > 0) $page2left = " [<a href= ./$file?page=".($page - 2).">".($page - 2)."</a>] ";
if($page - 1 > 0) $page1left = " [<a href= ./$file?page=".($page - 1).">".($page - 1)."</a>] ";
if($page + 2 <= $total) $page2right = " [<a href= ./$file?page=".($page + 2).">".($page + 2)."</a>] ";
if($page + 1 <= $total) $page1right = " [<a href= ./$file?page=".($page + 1).">".($page + 1)."</a>] ";
echo $page2left.$page1left."<b>[".$page."]</b>".$page1right.$page2right;
echo "<table align='center' cellpadding='5' cellspacing='1' width='100%'>
<tr><td>Жертва</td><td>Зеркало</td><td>Ник</td><td>Название тимы</td><td width='250'>Комментарии</td></tr>";
for($i = 0; $i < mysql_num_rows($result);$i++)
{
$row = mysql_fetch_array($result);
echo "<tr><td><a href='".htmlspecialchars($row['die'])."'>".htmlspecialchars($row['die'])."</a></td>
<td align=center><a href='".htmlspecialchars($row['screen'])."' target=_blank>Скриншот</a></td>
<td><pre>".$row['nick']."</pre></td>";
if($row['url']) echo "<td><a href='".htmlspecialchars($row['url'])."'>".htmlspecialchars($row['team'])."</a></td>";
else echo "<td><pre>".$row['team']."</pre></td>";
echo "<td width='250'><pre>".$row['comment']."</pre></td></tr>";
}
echo '</table><center><a href="?do=add" title="Добавить дефейс">Добавить дефейс</a><br/>
<b>Дефейсы добавляются только после проверки администратора</b></center>';
}
if($do == 'add')
{
echo '<form method="post">
<table border="0">
<tr><td colspan="2"><small>В скобках указана максимальная длина поля</small></td></tr>
<tr><td>Жертва (100): <td><input type="text" name="die" value="http://" size="100"></td></tr>
<tr><td>Скриншот (100): <td><input type="text" name="screen" value="http://" size="100"></td></tr>
<tr><td>Ник хацкера (50): <td><input type="text" name="nick" size="100"></td></tr>
<tr><td>Тима хацкера (50): <td><input type="text" name="team" size="100"></td></tr>
<tr><td>Урл тимы хацкера (100): <td><input type="text" name="url" value="http://" size="100"></td></tr>
<tr><td>Каменты (150): <td><textarea name="comment" cols="300" rows="4"></textarea></td></tr>
<tr><td><input type="submit" name="add" value="Добавить"></td></tr>
</table>
</form>';
if($_POST['add'])
{
if(strlen($die) > 100 || strlen($screen) > 100 || strlen($nick) > 50 || strlen($team) > 50 || strlen($url) > 100 || strlen($text) > 150)
{
echo "Вы превысили кол-во символов доступных при вводе";
} else {
$query = "INSERT INTO `defaces` (`die` , `screen` , `nick` , `team` , `url` , `comment`, `check` ) VALUES ( '$die' , '$screen' , '$nick' , '$team' , '$url' , '$comment' , '0');";
$result = mysql_query($query);
if(!$result) die(mysql_error());
else {
echo "После проверки администратором, ваш дефейс будет добавлен
<HTML><HEAD><META HTTP-EQUIV='Refresh' CONTENT='1; URL=index.php'></HEAD><body>";
}
}
}
}
?>
admin.php
<?php
include('config.php');
$do = isset($_GET['do']) ? $_GET['do'] : '';
$page = isset($_GET['page']) ? intval($_GET['page']) : '0';
$number = isset($_GET['id']) ? intval($_GET['id']) : '0';
$num = 10;
$result = mysql_query("SELECT COUNT(*) as cnt FROM `defaces` ORDER by `check` ASC");
$refs = mysql_result($result, 0, "cnt");
$total = intval(($refs - 1) / $num) + 1;
if(!$page || $page < 0) $page = 1;
if($page > $total) $page = $total;
$start = $page * $num - $num;
$result = mysql_query("SELECT * FROM `defaces` ORDER by `id` DESC LIMIT ".$start.", ".$num."");
if (!$result) die(mysql_error());
//if (mysql_num_rows($result) == 0 ) die("Непохек(с)Isis");
$hm = mysql_num_rows(mysql_query("SELECT * FROM `defaces`"));
$nocheck = mysql_num_rows(mysql_query("SELECT * FROM `defaces` WHERE `check`='0'"));
if($hm == '0') echo "<center><small>Всего в базе <b>0</b> дефейсов</small></center>";
elseif($hm == '1') echo "<center><small>Всего в базе <b>1</b> дефейс</small></center>";
elseif($hm == '2') echo "<center><small>Всего в базе <b>2</b> дефейса</small></center>";
else echo "<center><small>Всего в базе <b>".$hm."</b> дефейсов</small><br>
Не проверенных <b>".$nocheck."</b></center>";
$file = 'index.php';
if($page != 1) $pervpage = " [<a href= ./$file?page=1><< </a>] ";
if($page != $total) $nextpage = " [<a href= ./$file?page=".$total."> >></a>]";
if($page - 2 > 0) $page2left = " [<a href= ./$file?page=".($page - 2).">".($page - 2)."</a>] ";
if($page - 1 > 0) $page1left = " [<a href= ./$file?page=".($page - 1).">".($page - 1)."</a>] ";
if($page + 2 <= $total) $page2right = " [<a href= ./$file?page=".($page + 2).">".($page + 2)."</a>] ";
if($page + 1 <= $total) $page1right = " [<a href= ./$file?page=".($page + 1).">".($page + 1)."</a>] ";
if($page > $num) echo $page2left.$page1left."<b>[".$page."]</b>".$page1right.$page2right;
echo "<form method='post'><table align='center' border='1' width='100%'>
<tr><td>Жертва</td><td>Зеркало</td><td>Ник</td><td>Название тимы</td><td width='250'>Комментарии</td><td>Edit</td>
<td>Check</td><td align='center'><b>Delete</b></td><td align='center'><b>Add</b></td></tr>";
for($i = 0; $i < mysql_num_rows($result);$i++)
{
$row = mysql_fetch_array($result);
echo "<tr><td><a href='".htmlspecialchars($row['die'])."'>".htmlspecialchars($row['die'])."</a></td>
<td align=center><a href='".htmlspecialchars($row['screen'])."' target=_blank>Скриншот</a></td>
<td>".htmlspecialchars($row['nick'])."</td>";
if($row['url']) echo "<td><a href='".htmlspecialchars($row['url'])."'>".htmlspecialchars($row['team'])."</a></td>";
else echo "<td>".htmlspecialchars($row['team'])."</td>";
echo "<td width='250'><pre>".htmlspecialchars($row['comment'])."</pre></td>";
if($row['check'] == 1) echo "<td>Checked</td>";
else echo "<td><b><font color='red'>Nocheck</font></b></td>";
echo "<td><a href='?do=edit&id=".$row['id']."'>Редакт.</a></td>
<td width='10' align='center'><input type='checkbox' name='delete[]' value='".$row['id']."'></td>
<td width='10' align='center'><input type='checkbox' name='add[]' value='".$row['id']."'></td></tr>";
}
echo "<tr><td> </td>
<td> </td>
<td> </td>
<td> </td>
<td width='250'> </td>
<td> </td>
<td> </td>
<td><input type='submit' name='del' value='Delete'></td>
<td><input type='submit' name='addef' value='Add'></td>
</tr></table></form>";
if($_POST['del'])
{
foreach($_POST['delete'] as $key)
{
$query = "DELETE FROM `defaces` WHERE `id` ='".$key."'";
$result = mysql_query($query);
if($result)
{
echo "<br/><font color='red'><b>Дефейсы успешно удален(ы)</b></font>
<HTML><HEAD><META HTTP-EQUIV='Refresh' CONTENT='1; URL=index.php'></HEAD><body>";
} else {
die(mysql_error());
}
}
}
if($_POST['addef'])
{
foreach($_POST['add'] as $key)
{
$query = "UPDATE `defaces` SET `check`='1' WHERE `id`='".$key."';";
$result = mysql_query($query);
if($result)
{
echo "<br/><font color='red'><b>Дефейсы успешно добавлены в общий список</b></font>
<HTML><HEAD><META HTTP-EQUIV='Refresh' CONTENT='1; URL=index.php'></HEAD><body>";
} else {
die(mysql_error());
}
}
}
if($do == 'edit' && $number)
{
$query = "SELECT * FROM `defaces` WHERE `id` = '".$number."'";
$result = mysql_query($query);
if(!$result) die(mysql_error());
$row = mysql_fetch_array($result);
?>
<form method="post">
<table border="0">
<tr><td colspan="2"><small>В скобках указана максимальная длина поля</small></td></tr>
<tr><td>Жертва (100): <td><input type="text" name="die" value="<?php echo htmlspecialchars($row['die']); ?>" size="100"/></td></tr>
<tr><td>Скриншот (100): <td><input type="text" name="screen" value="<?php echo htmlspecialchars($row['screen']); ?>" size="100"/></td></tr>
<tr><td>Ник хацкера (50): <td><input type="text" name="nick" size="100" value="<?php echo htmlspecialchars($row['nick']); ?>"/></td></tr>
<tr><td>Тима хацкера (50): <td><input type="text" name="team" size="100" value="<?php echo htmlspecialchars($row['team']); ?>"/></td></tr>
<tr><td>Урл тимы хацкера (100): <td><input type="text" name="url" value="<?php echo htmlspecialchars($row['url']); ?>" size="100"/></td></tr>
<tr><td>Каменты (150): <td><textarea name="comment" cols="300" rows="4"><?php echo htmlspecialchars($row['comment']); ?></textarea></td></tr>
<tr><td><input type="submit" name="edit" value="Изменить"></td></tr>
</table>
</form>
<?php
if($_POST['edit'])
{
if(!get_magic_quotes_gpc())
{
$ver = explode( '.', PHP_VERSION );
$ver_num = $ver[0] . $ver[1] . $ver[2];
if($ver_num < 403)
{
$die = mysql_escape_string($_POST['die']);
$screen = mysql_escape_string($_POST['screen']);
$nick = mysql_escape_string($_POST['nick']);
$team = mysql_escape_string($_POST['team']);
$url = mysql_escape_string($_POST['url']);
$comment= mysql_escape_string($_POST['comment']);
} else {
$die = addslashes($_POST['die']);
$screen = addslashes($_POST['screen']);
$nick = addslashes($_POST['nick']);
$team = addslashes($_POST['team']);
$url = addslashes($_POST['url']);
$comment= addslashes($_POST['comment']);
}
}
$query = "UPDATE `defaces` SET `die`='$die', `screen`='$screen', `nick`='$nick', `team`='$team', `url`='$url', `comment`='$comment', `check`='1' WHERE `id`='".$number."';";
$result = mysql_query($query);
if($result)
{
echo "<br/><font color='red'><b>Дефейс успешно отредактирован</b></font>
<HTML><HEAD><META HTTP-EQUIV='Refresh' CONTENT='1; URL=index.php'></HEAD><body>";
} else {
die(mysql_error());
}
}
}
?>
Доступ в админку запретите там или Basic авторизацией или по ип, или как хотите!
[Coded by Isis]
Все сделано очень даже , дыр нет и работает с mysql !!
База данных
CREATE TABLE `defaces` (
`id` int(11) NOT NULL auto_increment,
`die` varchar(100) NOT NULL,
`screen` varchar(100) NOT NULL,
`nick` varchar(32) NOT NULL,
`team` varchar(50) NOT NULL,
`url` varchar(50) NOT NULL,
`comment` text NOT NULL,
`check` int(11) NOT NULL default '0',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=cp1251 AUTO_INCREMENT=1;
Config.php
<?php
$mysql['host'] = 'localhost';
$mysql['pass'] = 'pass'; //Password Mysql base
$mysql['user'] = 'root'; //Login Mysql base
$mysql['port'] = 3306;
$mysql['name'] = 'deface'; //Mysql base name
$mysql['link'] = mysql_connect($mysql['host'],$mysql['user'],$mysql['pass']);
if (!$mysql['link']) die(mysql_error());
@mysql_query("SET NAMES cp1251");
$mysql['temp'] = mysql_select_db($mysql['name']);
if (!$mysql['temp']) die(mysql_error());
?>
index.php
<?php
include('config.php');
$do = isset($_GET['do']) ? $_GET['do'] : '';
$page = isset($_GET['page']) ? intval($_GET['page']) : '0';
if(!get_magic_quotes_gpc())
{
$ver = explode( '.', PHP_VERSION );
$ver_num = $ver[0] . $ver[1] . $ver[2];
if($ver_num < 403)
{
$die = mysql_escape_string($_POST['die']);
$screen = mysql_escape_string($_POST['screen']);
$nick = mysql_escape_string($_POST['nick']);
$team = mysql_escape_string($_POST['team']);
$url = mysql_escape_string($_POST['url']);
$comment= mysql_escape_string($_POST['comment']);
} else {
$die = addslashes($_POST['die']);
$screen = addslashes($_POST['screen']);
$nick = addslashes($_POST['nick']);
$team = addslashes($_POST['team']);
$url = addslashes($_POST['url']);
$comment= addslashes($_POST['comment']);
}
}
if(!$do)
{
$num = 10;
$result = mysql_query("SELECT COUNT(*) as cnt FROM `defaces` WHERE `check`='1'");
$refs = mysql_result($result, 0, "cnt");
$total = intval(($refs - 1) / $num) + 1;
if(!$page || $page < 0) $page = 1;
if($page > $total) $page = $total;
$start = $page * $num - $num;
$result = mysql_query("SELECT * FROM `defaces` WHERE `check`='1' ORDER by `check` DESC LIMIT ".$start.", ".$num."");
if (!$result) die(mysql_error());
//if (mysql_num_rows($result) == 0 ) die("Непохек(с)Isis");
$hm = mysql_num_rows(mysql_query("SELECT * FROM `defaces` WHERE `check`='1'"));
if($hm == '0') echo "<center><small>Всего в базе <b>0</b> дефейсов</small></center>";
elseif($hm == '1') echo "<center><small>Всего в базе <b>1</b> дефейс</small></center>";
elseif($hm == '2') echo "<center><small>Всего в базе <b>2</b> дефейса</small></center>";
else echo "<center><small>Всего в базе <b>".$hm."</b> дефейсов</small></center>";
$file = 'index.php';
if($page != 1) $pervpage = " [<a href= ./$file?page=1><< </a>] ";
if($page != $total) $nextpage = " [<a href= ./$file?page=".$total."> >></a>]";
if($page - 2 > 0) $page2left = " [<a href= ./$file?page=".($page - 2).">".($page - 2)."</a>] ";
if($page - 1 > 0) $page1left = " [<a href= ./$file?page=".($page - 1).">".($page - 1)."</a>] ";
if($page + 2 <= $total) $page2right = " [<a href= ./$file?page=".($page + 2).">".($page + 2)."</a>] ";
if($page + 1 <= $total) $page1right = " [<a href= ./$file?page=".($page + 1).">".($page + 1)."</a>] ";
echo $page2left.$page1left."<b>[".$page."]</b>".$page1right.$page2right;
echo "<table align='center' cellpadding='5' cellspacing='1' width='100%'>
<tr><td>Жертва</td><td>Зеркало</td><td>Ник</td><td>Название тимы</td><td width='250'>Комментарии</td></tr>";
for($i = 0; $i < mysql_num_rows($result);$i++)
{
$row = mysql_fetch_array($result);
echo "<tr><td><a href='".htmlspecialchars($row['die'])."'>".htmlspecialchars($row['die'])."</a></td>
<td align=center><a href='".htmlspecialchars($row['screen'])."' target=_blank>Скриншот</a></td>
<td><pre>".$row['nick']."</pre></td>";
if($row['url']) echo "<td><a href='".htmlspecialchars($row['url'])."'>".htmlspecialchars($row['team'])."</a></td>";
else echo "<td><pre>".$row['team']."</pre></td>";
echo "<td width='250'><pre>".$row['comment']."</pre></td></tr>";
}
echo '</table><center><a href="?do=add" title="Добавить дефейс">Добавить дефейс</a><br/>
<b>Дефейсы добавляются только после проверки администратора</b></center>';
}
if($do == 'add')
{
echo '<form method="post">
<table border="0">
<tr><td colspan="2"><small>В скобках указана максимальная длина поля</small></td></tr>
<tr><td>Жертва (100): <td><input type="text" name="die" value="http://" size="100"></td></tr>
<tr><td>Скриншот (100): <td><input type="text" name="screen" value="http://" size="100"></td></tr>
<tr><td>Ник хацкера (50): <td><input type="text" name="nick" size="100"></td></tr>
<tr><td>Тима хацкера (50): <td><input type="text" name="team" size="100"></td></tr>
<tr><td>Урл тимы хацкера (100): <td><input type="text" name="url" value="http://" size="100"></td></tr>
<tr><td>Каменты (150): <td><textarea name="comment" cols="300" rows="4"></textarea></td></tr>
<tr><td><input type="submit" name="add" value="Добавить"></td></tr>
</table>
</form>';
if($_POST['add'])
{
if(strlen($die) > 100 || strlen($screen) > 100 || strlen($nick) > 50 || strlen($team) > 50 || strlen($url) > 100 || strlen($text) > 150)
{
echo "Вы превысили кол-во символов доступных при вводе";
} else {
$query = "INSERT INTO `defaces` (`die` , `screen` , `nick` , `team` , `url` , `comment`, `check` ) VALUES ( '$die' , '$screen' , '$nick' , '$team' , '$url' , '$comment' , '0');";
$result = mysql_query($query);
if(!$result) die(mysql_error());
else {
echo "После проверки администратором, ваш дефейс будет добавлен
<HTML><HEAD><META HTTP-EQUIV='Refresh' CONTENT='1; URL=index.php'></HEAD><body>";
}
}
}
}
?>
admin.php
<?php
include('config.php');
$do = isset($_GET['do']) ? $_GET['do'] : '';
$page = isset($_GET['page']) ? intval($_GET['page']) : '0';
$number = isset($_GET['id']) ? intval($_GET['id']) : '0';
$num = 10;
$result = mysql_query("SELECT COUNT(*) as cnt FROM `defaces` ORDER by `check` ASC");
$refs = mysql_result($result, 0, "cnt");
$total = intval(($refs - 1) / $num) + 1;
if(!$page || $page < 0) $page = 1;
if($page > $total) $page = $total;
$start = $page * $num - $num;
$result = mysql_query("SELECT * FROM `defaces` ORDER by `id` DESC LIMIT ".$start.", ".$num."");
if (!$result) die(mysql_error());
//if (mysql_num_rows($result) == 0 ) die("Непохек(с)Isis");
$hm = mysql_num_rows(mysql_query("SELECT * FROM `defaces`"));
$nocheck = mysql_num_rows(mysql_query("SELECT * FROM `defaces` WHERE `check`='0'"));
if($hm == '0') echo "<center><small>Всего в базе <b>0</b> дефейсов</small></center>";
elseif($hm == '1') echo "<center><small>Всего в базе <b>1</b> дефейс</small></center>";
elseif($hm == '2') echo "<center><small>Всего в базе <b>2</b> дефейса</small></center>";
else echo "<center><small>Всего в базе <b>".$hm."</b> дефейсов</small><br>
Не проверенных <b>".$nocheck."</b></center>";
$file = 'index.php';
if($page != 1) $pervpage = " [<a href= ./$file?page=1><< </a>] ";
if($page != $total) $nextpage = " [<a href= ./$file?page=".$total."> >></a>]";
if($page - 2 > 0) $page2left = " [<a href= ./$file?page=".($page - 2).">".($page - 2)."</a>] ";
if($page - 1 > 0) $page1left = " [<a href= ./$file?page=".($page - 1).">".($page - 1)."</a>] ";
if($page + 2 <= $total) $page2right = " [<a href= ./$file?page=".($page + 2).">".($page + 2)."</a>] ";
if($page + 1 <= $total) $page1right = " [<a href= ./$file?page=".($page + 1).">".($page + 1)."</a>] ";
if($page > $num) echo $page2left.$page1left."<b>[".$page."]</b>".$page1right.$page2right;
echo "<form method='post'><table align='center' border='1' width='100%'>
<tr><td>Жертва</td><td>Зеркало</td><td>Ник</td><td>Название тимы</td><td width='250'>Комментарии</td><td>Edit</td>
<td>Check</td><td align='center'><b>Delete</b></td><td align='center'><b>Add</b></td></tr>";
for($i = 0; $i < mysql_num_rows($result);$i++)
{
$row = mysql_fetch_array($result);
echo "<tr><td><a href='".htmlspecialchars($row['die'])."'>".htmlspecialchars($row['die'])."</a></td>
<td align=center><a href='".htmlspecialchars($row['screen'])."' target=_blank>Скриншот</a></td>
<td>".htmlspecialchars($row['nick'])."</td>";
if($row['url']) echo "<td><a href='".htmlspecialchars($row['url'])."'>".htmlspecialchars($row['team'])."</a></td>";
else echo "<td>".htmlspecialchars($row['team'])."</td>";
echo "<td width='250'><pre>".htmlspecialchars($row['comment'])."</pre></td>";
if($row['check'] == 1) echo "<td>Checked</td>";
else echo "<td><b><font color='red'>Nocheck</font></b></td>";
echo "<td><a href='?do=edit&id=".$row['id']."'>Редакт.</a></td>
<td width='10' align='center'><input type='checkbox' name='delete[]' value='".$row['id']."'></td>
<td width='10' align='center'><input type='checkbox' name='add[]' value='".$row['id']."'></td></tr>";
}
echo "<tr><td> </td>
<td> </td>
<td> </td>
<td> </td>
<td width='250'> </td>
<td> </td>
<td> </td>
<td><input type='submit' name='del' value='Delete'></td>
<td><input type='submit' name='addef' value='Add'></td>
</tr></table></form>";
if($_POST['del'])
{
foreach($_POST['delete'] as $key)
{
$query = "DELETE FROM `defaces` WHERE `id` ='".$key."'";
$result = mysql_query($query);
if($result)
{
echo "<br/><font color='red'><b>Дефейсы успешно удален(ы)</b></font>
<HTML><HEAD><META HTTP-EQUIV='Refresh' CONTENT='1; URL=index.php'></HEAD><body>";
} else {
die(mysql_error());
}
}
}
if($_POST['addef'])
{
foreach($_POST['add'] as $key)
{
$query = "UPDATE `defaces` SET `check`='1' WHERE `id`='".$key."';";
$result = mysql_query($query);
if($result)
{
echo "<br/><font color='red'><b>Дефейсы успешно добавлены в общий список</b></font>
<HTML><HEAD><META HTTP-EQUIV='Refresh' CONTENT='1; URL=index.php'></HEAD><body>";
} else {
die(mysql_error());
}
}
}
if($do == 'edit' && $number)
{
$query = "SELECT * FROM `defaces` WHERE `id` = '".$number."'";
$result = mysql_query($query);
if(!$result) die(mysql_error());
$row = mysql_fetch_array($result);
?>
<form method="post">
<table border="0">
<tr><td colspan="2"><small>В скобках указана максимальная длина поля</small></td></tr>
<tr><td>Жертва (100): <td><input type="text" name="die" value="<?php echo htmlspecialchars($row['die']); ?>" size="100"/></td></tr>
<tr><td>Скриншот (100): <td><input type="text" name="screen" value="<?php echo htmlspecialchars($row['screen']); ?>" size="100"/></td></tr>
<tr><td>Ник хацкера (50): <td><input type="text" name="nick" size="100" value="<?php echo htmlspecialchars($row['nick']); ?>"/></td></tr>
<tr><td>Тима хацкера (50): <td><input type="text" name="team" size="100" value="<?php echo htmlspecialchars($row['team']); ?>"/></td></tr>
<tr><td>Урл тимы хацкера (100): <td><input type="text" name="url" value="<?php echo htmlspecialchars($row['url']); ?>" size="100"/></td></tr>
<tr><td>Каменты (150): <td><textarea name="comment" cols="300" rows="4"><?php echo htmlspecialchars($row['comment']); ?></textarea></td></tr>
<tr><td><input type="submit" name="edit" value="Изменить"></td></tr>
</table>
</form>
<?php
if($_POST['edit'])
{
if(!get_magic_quotes_gpc())
{
$ver = explode( '.', PHP_VERSION );
$ver_num = $ver[0] . $ver[1] . $ver[2];
if($ver_num < 403)
{
$die = mysql_escape_string($_POST['die']);
$screen = mysql_escape_string($_POST['screen']);
$nick = mysql_escape_string($_POST['nick']);
$team = mysql_escape_string($_POST['team']);
$url = mysql_escape_string($_POST['url']);
$comment= mysql_escape_string($_POST['comment']);
} else {
$die = addslashes($_POST['die']);
$screen = addslashes($_POST['screen']);
$nick = addslashes($_POST['nick']);
$team = addslashes($_POST['team']);
$url = addslashes($_POST['url']);
$comment= addslashes($_POST['comment']);
}
}
$query = "UPDATE `defaces` SET `die`='$die', `screen`='$screen', `nick`='$nick', `team`='$team', `url`='$url', `comment`='$comment', `check`='1' WHERE `id`='".$number."';";
$result = mysql_query($query);
if($result)
{
echo "<br/><font color='red'><b>Дефейс успешно отредактирован</b></font>
<HTML><HEAD><META HTTP-EQUIV='Refresh' CONTENT='1; URL=index.php'></HEAD><body>";
} else {
die(mysql_error());
}
}
}
?>
Доступ в админку запретите там или Basic авторизацией или по ип, или как хотите!
[Coded by Isis]